AIR Console Access Control

To address a security vulnerability involving Host header injection, we have (with AIR v4.33) implemented more stringent controls on AIR Console access.

Key Points:

• Access Restriction: The AIR Console will now only be accessible through the specific address registered during the initial setup, ensuring that only legitimate requests are processed.

• Technical Enforcement: This measure counters manipulations of the Host header that could potentially allow unauthorized access.

• Configuration Flexibility: For legitimate access needs from multiple domains or IP addresses, users can specify allowable entries via the AIR_CONSOLE_ADDRESSES environment variable.

• Enhanced Security: This change not only prevents unauthorized access but also aligns with best practices for secure network management.

This update enhances security protocols and provides administrators with better control over access settings.